We may earn an affiliate commission when you visit our partners.
Matthew Lloyd Davies
Explore how Volt Typhoon abused command and scripting interpreters to execute commands, scripts, and binaries in critical infrastructure networks.
Read more
Explore how Volt Typhoon abused command and scripting interpreters to execute commands, scripts, and binaries in critical infrastructure networks.
Read more
Explore how Volt Typhoon abused command and scripting interpreters to execute commands, scripts, and binaries in critical infrastructure networks.
Volt Typhoon abused various command and scripting interpreters, such as PowerShell and the Windows Command Shell, as a way to execute arbitrary commands for the purpose of host and network enumeration, establishing command and control infrastructure, and evading defenses. In this course, Volt Typhoon: T1059.003 Command and Scripting Interpreter Emulation, you’ll focus specifically on how Volt Typhoon used the Windows Command Shell to gather information about hosts, users, and wider network information after gaining initial access to critical infrastructure networks. The commands they used are commonly used by system administrators on a day to day basis, so it was an incredibly stealthy technique that allowed Volt Typhoon to remain hidden within the networks for several years.
Register for this course and see more details by visiting:
OpenCourser.com/course/z93b0b/volt
Here's a deal for you
We found an offer that may be relevant to this course.
Save money when you learn.
All coupon codes, vouchers, and discounts are applied automatically unless otherwise noted.
What's inside
Syllabus
Volt Typhoon: T1059.003 Command and Scripting Interpreter Emulation
Good to know
Good to know
Know what's good ,
what to watch for , and
possible dealbreakers
Develops command and scripting interpreter emulation skills and knowledge, which are core skills for cybersecurity professionals
Taught by instructors with expertise in cybersecurity, Matthew Lloyd Davies, recognized for their work in the field
Examines Volt Typhoon's techniques, which are highly relevant to understanding cybersecurity threats and defenses
Provides insights into the stealth tactics used by sophisticated threat actors, adding color to the understanding of cybersecurity
Requires prior knowledge in cybersecurity, making it suitable for intermediate learners
Save this course
Save Volt Typhoon: T1059.003 Command and Scripting Interpreter Emulation to your list so you can find it easily later:
Save
Save
Activities
Be better prepared
before
your course. Deepen your understanding
during
and
after
it. Supplement your coursework and achieve mastery of the topics covered
in Volt Typhoon: T1059.003 Command and Scripting Interpreter Emulation with these
activities:
Attend a Workshop on Command and Scripting Interpreter Emulation
Show steps
Expand your knowledge and skills in command and scripting interpreter emulation by attending a specialized workshop.
Show steps
-
Research upcoming workshops on command and scripting interpreter emulation.
-
Register for a workshop that aligns with your learning goals.
-
Attend the workshop and actively participate in the sessions.
Review foundational command line commands
Show steps
Refresh your knowledge of basic command line commands to prepare for this course.
Browse courses on
Command Line Interface
Show steps
-
Access a terminal emulator on your computer.
-
Run commands to navigate directories, list files, and create new files.
Follow tutorials on PowerShell and the Windows Command Shell
Show steps
Familiarize yourself with the specific commands and techniques used by Volt Typhoon to execute commands and establish command and control infrastructure.
Browse courses on
Powershell
Show steps
-
Find online tutorials on PowerShell and the Windows Command Shell.
-
Follow the tutorials to practice using the commands covered in this course.
14 other activities
Expand to see all activities and additional details
Show all 17 activities
Read the Book: Practical Malware Analysis
Show steps
Enhance your understanding of malware analysis techniques, as used by Volt Typhoon, by reviewing this recommended text.
View
Practical Malware Analysis: The Hands-On Guide...
on Amazon
Show steps
-
Obtain a copy of the book.
-
Read the chapters relevant to command and scripting interpreter emulation.
-
Take notes and highlight key concepts.
Practice using the commands covered in this course
Show steps
Reinforce your understanding of the commands and techniques used by Volt Typhoon by practicing them in a hands-on environment.
Show steps
-
Set up a virtual machine or testing environment.
-
Run the commands covered in this course to gather information, establish command and control, and evade defenses.
Connect with Experts in Command and Scripting Interpreter Emulation
Show steps
Accelerate your learning by reaching out to professionals who specialize in command and scripting interpreter emulation.
Show steps
-
Identify potential mentors through online forums, social media, or professional organizations.
-
Craft a personalized message introducing yourself and expressing your interest in mentorship.
-
Follow up with your mentors regularly to ask questions and share your progress.
Examine Windows Command Shell Commands
Show steps
Practice using the Windows Command Shell commands to gain a deeper understanding of how Volt Typhoon leveraged them.
Show steps
-
Open the Windows Command Shell as an administrator.
-
Execute the following commands to gather information about your system:
-
- systeminfo
-
- ipconfig /all
-
- whoami
Command Shell Tuturials
Show steps
Review some of the command line basics that hackers and sysadmins use every day.
Show steps
-
Review Windows Command Shell syntax.
-
Execute command shell commands.
Practice Using the Command Shell
Show steps
Get some hands-on experience working with the command shell.
Show steps
-
List files and directories.
-
Create and delete files.
-
Execute commands.
Interpret Windows Command Shell Script Output
Show steps
Develop your ability to interpret the output of Windows Command Shell scripts to better understand how Volt Typhoon used them.
Show steps
-
Create a batch file with the following contents:
-
@echo off
-
ipconfig
-
whoami
-
systeminfo > systeminfo_output.txt
Write a blog post or article summarizing the techniques used by Volt Typhoon
Show steps
Deepen your understanding of the material by explaining it to others.
Show steps
-
Choose the specific techniques used by Volt Typhoon that you want to cover.
-
Research and gather information about these techniques.
-
Write a blog post or article that clearly explains how these techniques work and how they were used by Volt Typhoon.
Command Shell Cheat Sheet
Show steps
Create a cheat sheet of useful command shell commands.
Show steps
-
Research commonly used command shell commands.
-
Organize commands into categories.
-
Create a cheat sheet.
Explore Command and Scripting Interpreter Emulation Techniques
Show steps
Enhance your knowledge of command and scripting interpreter emulation by following guided tutorials.
Show steps
-
Search online for tutorials on command and scripting interpreter emulation.
-
Follow the steps provided in the tutorials to experiment with different techniques.
-
Document your findings and observations in a notebook.
Attend a cybersecurity conference or meet-up
Show steps
Connect with other cybersecurity professionals and learn about the latest trends and techniques.
Show steps
-
Find a cybersecurity conference or meet-up in your area.
-
Attend the event and network with other attendees.
Mentor New Command Shell Users
Show steps
Help others learn about the command shell.
Show steps
-
Identify someone who needs help with the command shell.
-
Provide guidance and support.
Develop a PowerShell Script for Network Reconnaissance
Show steps
Gain practical experience in using scripting languages like PowerShell for network exploration, similar to the tactics employed by Volt Typhoon.
Browse courses on
Network Reconnaissance
Show steps
-
Learn the basics of PowerShell scripting.
-
Develop a PowerShell script that performs network reconnaissance tasks, such as host discovery and port scanning.
-
Test your script in a lab environment.
Contribute to an open-source cybersecurity project
Show steps
Gain hands-on experience and learn from others by contributing to an open-source project in the cybersecurity field.
Show steps
-
Find an open-source cybersecurity project that interests you.
-
Identify ways that you can contribute to the project.
-
Reach out to the project maintainers and offer your help.
Attend a Workshop on Command and Scripting Interpreter Emulation
Show steps
Expand your knowledge and skills in command and scripting interpreter emulation by attending a specialized workshop.
Show steps
Show steps
Show steps
- Research upcoming workshops on command and scripting interpreter emulation.
- Register for a workshop that aligns with your learning goals.
- Attend the workshop and actively participate in the sessions.
Review foundational command line commands
Show steps
Refresh your knowledge of basic command line commands to prepare for this course.
Browse courses on
Command Line Interface
Show steps
Show steps
Show steps
- Access a terminal emulator on your computer.
- Run commands to navigate directories, list files, and create new files.
Follow tutorials on PowerShell and the Windows Command Shell
Show steps
Familiarize yourself with the specific commands and techniques used by Volt Typhoon to execute commands and establish command and control infrastructure.
Browse courses on
Powershell
Show steps
Show steps
Show steps
- Find online tutorials on PowerShell and the Windows Command Shell.
- Follow the tutorials to practice using the commands covered in this course.
14 other activities
Expand to see all activities and additional details
Show all 17 activities
Read the Book: Practical Malware Analysis
Show steps
Enhance your understanding of malware analysis techniques, as used by Volt Typhoon, by reviewing this recommended text.
View
Practical Malware Analysis: The Hands-On Guide...
on Amazon
Show steps
Show steps
Show steps
- Obtain a copy of the book.
- Read the chapters relevant to command and scripting interpreter emulation.
- Take notes and highlight key concepts.
Practice using the commands covered in this course
Show steps
Reinforce your understanding of the commands and techniques used by Volt Typhoon by practicing them in a hands-on environment.
Show steps
Show steps
Show steps
- Set up a virtual machine or testing environment.
- Run the commands covered in this course to gather information, establish command and control, and evade defenses.
Connect with Experts in Command and Scripting Interpreter Emulation
Show steps
Accelerate your learning by reaching out to professionals who specialize in command and scripting interpreter emulation.
Show steps
Show steps
Show steps
- Identify potential mentors through online forums, social media, or professional organizations.
- Craft a personalized message introducing yourself and expressing your interest in mentorship.
- Follow up with your mentors regularly to ask questions and share your progress.
Examine Windows Command Shell Commands
Show steps
Practice using the Windows Command Shell commands to gain a deeper understanding of how Volt Typhoon leveraged them.
Show steps
Show steps
Show steps
- Open the Windows Command Shell as an administrator.
- Execute the following commands to gather information about your system:
- - systeminfo
- - ipconfig /all
- - whoami
Command Shell Tuturials
Show steps
Review some of the command line basics that hackers and sysadmins use every day.
Show steps
Show steps
Show steps
- Review Windows Command Shell syntax.
- Execute command shell commands.
Practice Using the Command Shell
Show steps
Get some hands-on experience working with the command shell.
Show steps
Show steps
Show steps
- List files and directories.
- Create and delete files.
- Execute commands.
Interpret Windows Command Shell Script Output
Show steps
Develop your ability to interpret the output of Windows Command Shell scripts to better understand how Volt Typhoon used them.
Show steps
Show steps
Show steps
- Create a batch file with the following contents:
- @echo off
- ipconfig
- whoami
- systeminfo > systeminfo_output.txt
Write a blog post or article summarizing the techniques used by Volt Typhoon
Show steps
Deepen your understanding of the material by explaining it to others.
Show steps
Show steps
Show steps
- Choose the specific techniques used by Volt Typhoon that you want to cover.
- Research and gather information about these techniques.
- Write a blog post or article that clearly explains how these techniques work and how they were used by Volt Typhoon.
Command Shell Cheat Sheet
Show steps
Create a cheat sheet of useful command shell commands.
Show steps
Show steps
Show steps
- Research commonly used command shell commands.
- Organize commands into categories.
- Create a cheat sheet.
Explore Command and Scripting Interpreter Emulation Techniques
Show steps
Enhance your knowledge of command and scripting interpreter emulation by following guided tutorials.
Show steps
Show steps
Show steps
- Search online for tutorials on command and scripting interpreter emulation.
- Follow the steps provided in the tutorials to experiment with different techniques.
- Document your findings and observations in a notebook.
Attend a cybersecurity conference or meet-up
Show steps
Connect with other cybersecurity professionals and learn about the latest trends and techniques.
Show steps
Show steps
Show steps
- Find a cybersecurity conference or meet-up in your area.
- Attend the event and network with other attendees.
Mentor New Command Shell Users
Show steps
Help others learn about the command shell.
Show steps
Show steps
Show steps
- Identify someone who needs help with the command shell.
- Provide guidance and support.
Develop a PowerShell Script for Network Reconnaissance
Show steps
Gain practical experience in using scripting languages like PowerShell for network exploration, similar to the tactics employed by Volt Typhoon.
Browse courses on
Network Reconnaissance
Show steps
Show steps
Show steps
- Learn the basics of PowerShell scripting.
- Develop a PowerShell script that performs network reconnaissance tasks, such as host discovery and port scanning.
- Test your script in a lab environment.
Contribute to an open-source cybersecurity project
Show steps
Gain hands-on experience and learn from others by contributing to an open-source project in the cybersecurity field.
Show steps
Show steps
Show steps
- Find an open-source cybersecurity project that interests you.
- Identify ways that you can contribute to the project.
- Reach out to the project maintainers and offer your help.
Career center
Learners who complete Volt Typhoon: T1059.003 Command and Scripting Interpreter Emulation will develop knowledge and skills
that may be useful to these careers:
Systems Administrator
Systems Administrator
Systems Administrators are responsible for managing and maintaining computer systems. This course can help Systems Administrators by teaching them how to use command and scripting interpreters to automate system administration tasks and improve their efficiency. These skills can help Systems Administrators manage and maintain computer systems more effectively.
Penetration Tester
Penetration Tester
Penetration Testers are responsible for identifying and exploiting vulnerabilities in computer systems. This course can help Penetration Testers by teaching them how to use command and scripting interpreters to automate penetration testing tasks and improve their efficiency. These skills can help Penetration Testers identify and exploit vulnerabilities more quickly and effectively.
Information Security Analyst
Information Security Analyst
Information Security Analysts are responsible for protecting organizations from cyber threats. This course can help Information Security Analysts by teaching them how to use command and scripting interpreters to detect and respond to security incidents. These skills can help Information Security Analysts improve their ability to protect organizations from data breaches and other security threats.
Security Engineer
Security Engineer
Security Engineers are responsible for designing and implementing security solutions to protect organizations from cyber threats. This course can help Security Engineers by teaching them how to use command and scripting interpreters to automate security tasks and improve their efficiency. These skills can help Security Engineers design and implement more effective security solutions.
Security Analyst
Security Analyst
Security Analysts are responsible for monitoring and analyzing security data to identify and respond to security threats. This course can help Security Analysts by teaching them how to use command and scripting interpreters to automate security analysis tasks and improve their efficiency. These skills can help Security Analysts identify and respond to security threats more quickly and effectively.
Network Security Engineer
Network Security Engineer
Network Security Engineers are responsible for designing and implementing network security solutions. This course can help Network Security Engineers by teaching them how to use command and scripting interpreters to automate network security tasks and improve their efficiency. These skills can help Network Security Engineers design and implement more effective network security solutions.
Network Administrator
Network Administrator
Network Administrators are responsible for managing and maintaining computer networks. This course can help Network Administrators by teaching them how to use command and scripting interpreters to automate network management tasks and troubleshoot network issues. These skills can help Network Administrators improve their efficiency and productivity.
Data Analyst
Data Analyst
Data Analysts are responsible for collecting, cleaning, and analyzing data to help businesses make informed decisions. This course can help Data Analysts by teaching them how to use command and scripting interpreters to automate tasks and extract insights from complex data sets. These skills can help Data Analysts improve their efficiency and accuracy, and gain a competitive edge in the job market.
IT Auditor
IT Auditor
IT Auditors are responsible for reviewing and evaluating IT systems to ensure that they are operating in accordance with regulations and best practices. This course can help IT Auditors by teaching them how to use command and scripting interpreters to automate audit tasks and improve their efficiency.
Cloud Engineer
Cloud Engineer
Cloud Engineers are responsible for designing, implementing, and managing cloud computing solutions. This course may be useful for Cloud Engineers who want to learn how to use command and scripting interpreters to automate cloud management tasks and improve their efficiency.
Machine Learning Engineer
Machine Learning Engineer
Machine Learning Engineers are responsible for developing and deploying machine learning models. This course may be useful for Machine Learning Engineers who want to learn how to use command and scripting interpreters to automate machine learning tasks and improve their efficiency.
Web Developer
Web Developer
Web Developers are responsible for designing, developing, and maintaining websites. This course may be useful for Web Developers who want to learn how to use command and scripting interpreters to automate web development tasks and improve their efficiency.
Data Scientist
Data Scientist
Data Scientists are responsible for using data to solve business problems. This course may be useful for Data Scientists who want to learn how to use command and scripting interpreters to automate data science tasks and improve their efficiency.
Software Developer
Software Developer
Software Developers are responsible for designing, developing, and maintaining software applications. This course may be useful for Software Developers who want to learn how to use command and scripting interpreters to automate software development tasks and improve their efficiency.
Technical Support Specialist
Technical Support Specialist
Technical Support Specialists are responsible for providing technical support to users. This course may be useful for Technical Support Specialists who want to learn how to use command and scripting interpreters to automate support tasks and improve their efficiency.
For more career information including salaries, visit:
OpenCourser.com/course/z93b0b/volt
Reading list
We've selected nine books
that we think will supplement your
learning. Use these to
develop background knowledge, enrich your coursework, and gain a
deeper understanding of the topics covered in
Volt Typhoon: T1059.003 Command and Scripting Interpreter Emulation.
Provides a deep dive into the internal workings of Windows, including the Windows Command Shell. It offers advanced knowledge for understanding how Volt Typhoon exploited these components.
Offers a practical guide to malware analysis, including techniques for identifying and understanding malicious code that may leverage command and scripting interpreters. It provides hands-on experience in analyzing malware samples and understanding their behavior.
Provides a comprehensive overview of PowerShell, including advanced scripting techniques. It offers valuable insights into how Volt Typhoon may have leveraged PowerShell for malicious purposes.
Provides a detailed overview of incident response and computer forensics, covering techniques for investigating and responding to cyber attacks that may involve the use of command and scripting interpreters. It offers guidance on evidence collection, analysis, and reporting.
Delves into memory forensics, a critical skill for detecting malware and threats that may utilize command and scripting interpreters. It provides a thorough understanding of memory analysis techniques and how to identify malicious activity.
Provides insights into hacker techniques, tools, and incident handling. It offers a practical understanding of how attackers use command and scripting interpreters and how to defend against their tactics.
This handbook provides guidance from the Cybersecurity and Infrastructure Security Agency (CISA) on cybersecurity best practices, including measures to protect against attacks that may involve the use of command and scripting interpreters.
Provides a hands-on approach to network security assessment, including techniques for identifying vulnerabilities that may be exploited using command and scripting interpreters. It offers practical guidance on conducting network security assessments and identifying potential threats.
Focuses on network security monitoring, covering techniques for detecting and preventing cyber attacks that may involve the use of command and scripting interpreters. It provides a comprehensive understanding of security monitoring tools and strategies.
For more information about how these books relate to this course, visit:
OpenCourser.com/course/z93b0b/volt
Share
Similar courses
Here are nine courses similar to
Volt Typhoon: T1059.003 Command and Scripting Interpreter Emulation.
Hands-on Introduction to Linux Commands and Shell Scripting
OpenCourser.com/course/czub4g/hands
Hands-on Introduction to Linux Commands and Shell...
Most relevant
Linux Commands & Shell Scripting
OpenCourser.com/course/i1okpq/linux
Linux Commands & Shell Scripting
Most relevant
Linux Shell Scripting: A Project-Based Approach to Learning
OpenCourser.com/course/jzsajz/linux
Linux Shell Scripting: A Project-Based Approach to...
Most relevant
The Bash Shell and Basic Scripting in Linux
OpenCourser.com/course/trxtpr/the
The Bash Shell and Basic Scripting in Linux
Most relevant
Volt Typhoon: T1070.003 Indicator Removal Emulation
OpenCourser.com/course/072dpj/volt
Volt Typhoon: T1070.003 Indicator Removal Emulation
Most relevant
Execution with Unicorn
OpenCourser.com/course/tb6tqw/execution
Execution with Unicorn
Most relevant
Learning Windows PowerShell
OpenCourser.com/course/oa8ag1/learning
Learning Windows PowerShell
Most relevant
Scripting for Security with Bash
OpenCourser.com/course/gdrrry/scripting
Scripting for Security with Bash
Most relevant
Command and Control with PoshC2
OpenCourser.com/course/cyr9jd/command
Command and Control with PoshC2
Most relevant
Time
480 hours
Level
Intermediate
Via
Pluralsight
Instructor
Matthew Lloyd Davies
Language
English
Good to know
Develops command and scripting interpreter emulation skills and knowledge, which are core skills for cybersecurity professionals
Taught by instructors with expertise in cybersecurity, Matthew Lloyd Davies, recognized for their work in the field
Examines Volt Typhoon's techniques, which are highly relevant to understanding cybersecurity threats and defenses
Provides insights into the stealth tactics used by sophisticated threat actors, adding color to the understanding of cybersecurity
Requires prior knowledge in cybersecurity, making it suitable for intermediate learners
Our mission
OpenCourser helps millions of learners each year. People visit us to learn workspace skills, ace their exams, and nurture their curiosity.
Our extensive catalog contains over 50,000 courses and twice as many books. Browse by search, by topic, or even by career interests. We'll match you to the right resources quickly.
Find this site helpful? Tell a friend about us.
Affiliate disclosure
We're supported by our community of learners. When you purchase or subscribe to courses and programs or purchase books, we may earn a commission from our partners.
Your purchases help us maintain our catalog and keep our servers humming without ads.
Thank you for supporting OpenCourser.
© 2016 - 2024 OpenCourser